CN115459913A - Quantum key cloud platform-based link transparent encryption method and system - Google Patents

Publication number: CN115459913A
Application number: CN202211106918.5A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 於建江, 胡辉, 董智超, 郑韶辉
Current assignee: Zhejiang Quantum Technologies Co ltd
Original assignee: Zhejiang Quantum Technologies Co ltd
Prior art keywords: quantum, key, encryption, data, cloud platform

Classifications

    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0852 Quantum cryptography
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
Abstract

A transparent link encryption method based on a quantum key cloud platform comprises: a quantum encryption agent registers on the quantum cryptography service platform; the quantum information of the quantum encryption agent device is updated; detection between quantum encryption agents; identity authentication and quantum session key agreement between quantum encryption agents; identity authentication of the quantum encryption agent to the quantum key cloud platform; the quantum encryption agent obtains a quantum key from the quantum key cloud platform; the quantum encryption agent encrypts and decrypts the transmitted data with the negotiated quantum session key; and the quantum encryption agent forms encrypted data packets from the data encrypted with the quantum session key. Compared with the prior art, the invention addresses the insecure (plaintext) transmission of current digital service systems, the efficiency and reliability limits of VPN-style link encryption, and the inability of key agreement algorithms based on asymmetric cryptography to cope with the threat of future quantum computation, and realizes encrypted communication of network data between quantum encryption agents.

Description

Quantum key cloud platform-based link transparent encryption method and system
Technical Field
The invention relates to the fields of quantum secure communication and encryption technology, in particular to a link transparent encryption method and system based on a quantum key cloud platform.
Background
The existing technology for communication encryption services with centrally managed quantum keys mainly has the following problems:
1) As digitization accelerates, service systems still transmit in plaintext, so data security is at risk and sensitive data leak easily;
2) Once enterprise services move to the cloud, it is difficult to deploy link encryption equipment in series in front of the service server;
3) The keys used by common link encryption equipment are difficult to manage;
4) Common link encryption devices, like VPNs, use key agreement algorithms based on asymmetric cryptography and therefore cannot cope with the threat of future quantum computation;
5) Common link encryption equipment is connected in series in the communication link, which adds failure points and affects the original service;
6) VPN-style link encryption consumes additional bandwidth, so there is an efficiency problem.
Disclosure of Invention
The invention aims to provide a link transparent encryption method and system based on a quantum key cloud platform, to overcome the insecure transmission of current digital service systems, the efficiency and reliability limits of VPN-style link encryption, the inability of key agreement algorithms based on asymmetric cryptography to cope with the threat of future quantum computation, and similar technical defects.
The technical scheme of the invention is realized as follows:
A link transparent encryption method based on a quantum key cloud platform comprises the following steps:
S1: the quantum encryption agent registers on the quantum cryptography service platform;
S2: the quantum information of the quantum encryption agent device is updated, either off-line or on-line;
S3: detection between quantum encryption agents: when data communication takes place between a service terminal and a service server, detection must be completed before network data is encrypted, to determine whether a quantum encryption agent exists on the opposite side; if so, key negotiation for network data encryption is carried out;
S4: identity authentication and quantum session key agreement between quantum encryption agents: when data communication takes place between a service terminal and a service server, a quantum session key must first be negotiated for the encrypted data; the agreement comprises bidirectional identity authentication between the quantum encryption agents, after which a final quantum session key is negotiated on the basis of SM2 key agreement and a quantum session key distributed by the quantum key cloud platform;
S5: the quantum encryption agent authenticates to the quantum key cloud platform;
S6: the quantum encryption agent obtains a quantum key from the quantum key cloud platform;
S7: the quantum encryption agent encrypts and decrypts the transmitted data with the negotiated quantum session key;
S8: the quantum encryption agent forms encrypted data packets from the data encrypted and decrypted with the quantum session key.
Preferably, step S1 comprises:
S11: log in to the quantum key cloud platform management system to register, enter the quantum encryption agent device information, generate the quantum encryption agent information and several groups of quantum symmetric keys associated with the quantum encryption agent, and store them on the quantum key cloud platform;
S12: at the same time, download the quantum encryption agent information and the groups of quantum symmetric keys and store them in the quantum encryption agent.
Preferably, step S2 comprises:
S21: the quantum encryption agent requests the quantum key cloud platform to update the device quantum information;
S22: the quantum key cloud platform receives the request, looks up the corresponding key-update quantum key and check quantum key by DeviceName, generates a new identity quantum key, a new key-encryption quantum key, a new key-update quantum key and a new check quantum key for the device, encrypts the new groups of quantum keys with the key-update quantum key to produce key ciphertext data, generates key check data over the DeviceName and the key ciphertext data with the check quantum key, and sends the key ciphertext data and key check data to the quantum encryption agent;
S23: the quantum encryption agent receives the response data from the quantum key cloud platform, obtains the key ciphertext data and key check data, verifies the key check data with the check quantum key, and decrypts the key ciphertext data with the key-update quantum key to obtain the new identity quantum key, key-encryption quantum key, key-update quantum key and check quantum key. If the check passes, the update succeeds; otherwise it fails. If the update succeeds, the quantum encryption agent terminal and the quantum encryption agent gateway send an update confirmation message to the quantum key cloud platform.
Preferably, step S3 comprises:
S31: when the service terminal sends data to the service server, the quantum encryption agent terminal intercepts the data packet and checks whether a negotiated quantum session key exists; if so, it encrypts the data directly with that key, otherwise it starts quantum session key negotiation;
S32: the quantum encryption agent detects whether a quantum encryption agent exists at the opposite end by sending a detection initial message;
S33: the opposite-side quantum encryption agent receives the detection packet and responds to the detection initial message;
S34: the quantum encryption agent requests a quantum key from the quantum key cloud platform; the platform responds to the quantum key request message with the quantum key encrypted under the key-encryption quantum key;
S35: the quantum encryption agent sends a detection handshake message to the opposite-end quantum encryption agent;
S36: the opposite-side quantum encryption agent receives the message and requests the quantum key from the quantum key cloud platform; the platform responds to the request with the quantum key encrypted under the key-encryption quantum key; the opposite-side quantum encryption agent then sends a detection handshake response message;
S37: the quantum encryption agent receives the message and sends a detection handshake confirmation message to the opposite-end quantum encryption agent.
Preferably, step S4 comprises:
S41: the quantum encryption agents use the quantum identity key to complete bidirectional identity authentication over several message exchanges;
S42: a final quantum session key is negotiated on the basis of SM2 key agreement and the quantum session key distributed by the quantum key cloud platform.
Preferably, in step S6 the quantum encryption agent obtains the quantum key from the quantum key cloud platform as follows:
S61: the quantum encryption agent requests the quantum key from the quantum key cloud platform;
S62: the quantum key cloud platform receives the request and checks, by the requester's DeviceName, whether the quantum encryption agent is authorised to obtain quantum keys; if it is, the platform looks up whether a key with the corresponding KID exists and, if not, generates the agent's quantum identity key, quantum session key and check quantum key with a quantum random number generator or QKD; it then looks up the corresponding key-encryption quantum key and check quantum key by DeviceName, encrypts the groups of quantum keys with the key-encryption quantum key to produce key ciphertext data, generates key check data over the DeviceName and the key ciphertext data with the check quantum key, and sends the key ciphertext data and key check data to the quantum encryption agent;
S63: the quantum encryption agent receives the response data from the quantum key cloud platform, obtains the key ciphertext data and key check data, verifies the key check data with the check quantum key, and decrypts the key ciphertext data with the key-encryption quantum key to obtain the quantum identity key, quantum session key and check quantum key. If the check passes the acquisition succeeds, otherwise it fails; if it succeeds, the quantum encryption agent sends an acquisition confirmation message to the quantum key cloud platform.
Preferably, in step S7 the quantum encryption agent encrypts and decrypts the transmitted data with the negotiated quantum session key as follows:
When the service terminal sends data to the service server, the quantum encryption agent intercepts the data packet; each quantum encryption agent completes identity authentication on the quantum key cloud platform and obtains a quantum key; the obtained quantum key is used to complete identity authentication and final quantum session key negotiation between the quantum encryption agents; and the quantum session key is used to encrypt and decrypt the data. The steps are:
S71: when the service terminal sends data to the service server, the quantum encryption agent intercepts the data packet and detects the quantum encryption agent on the opposite side;
S72: the quantum encryption agents use the quantum identity keys to complete bidirectional identity authentication over several message exchanges;
S73: the quantum encryption agents negotiate the final quantum session key and check quantum key on the basis of SM2 key agreement and the quantum session key distributed by the quantum key cloud platform;
S74: the data packet is encrypted with the final quantum session key negotiated between the quantum encryption agents to form an encrypted data packet;
S75: the opposite-side quantum encryption agent intercepts the encrypted data packet, decrypts it and sends the decrypted data to the service server;
S76: the service server returns response data to the service terminal; the quantum encryption agent intercepts the response data packet and encrypts it with the quantum session key negotiated between the quantum encryption agents to form an encrypted data packet;
S77: the opposite-side quantum encryption agent intercepts the encrypted data packet, decrypts it and sends the decrypted data to the service terminal.
Preferably, in step S8 the quantum encryption agent encrypts and decrypts the transmitted data with the quantum session key to form encrypted data packets as follows:
S81: when the service terminal sends data to the service server, the quantum encryption agent terminal intercepts the data packet;
S82: the opposite-side quantum encryption agent intercepts the encrypted data packet and splits it into an IP (Internet Protocol) header, a quantum encryption header, data to be quantum-decrypted and data to be quantum-verified;
S83: when the service server sends data to the service terminal, the quantum encryption agent intercepts the data packet;
S84: the opposite-side quantum encryption agent intercepts the encrypted data packet and splits it into an IP header, a quantum encryption header, data to be quantum-decrypted and data to be quantum-verified.
The invention also provides a link transparent encryption system based on a quantum key cloud platform, comprising the quantum key cloud platform and quantum encryption agents, where the service terminal and a quantum encryption agent are connected in series and the service server and a quantum encryption agent are connected in series;
the quantum key cloud platform performs centralized management of quantum keys and is responsible for providing identity authentication service and quantum key management service to the quantum encryption agents;
the quantum encryption agent registers with the quantum key cloud platform, completes identity authentication and obtains quantum keys; between themselves, quantum encryption agents complete identity authentication and session key negotiation and encrypt and decrypt network transmission data.
Preferably, the quantum key cloud platform comprises a quantum random number module, a QKD networking module, a quantum key management module, a registration module, an identity authentication service module and a quantum key service module; it is responsible for generating quantum keys, with the key management module managing the quantum keys, the identity authentication module authenticating the quantum encryption agents that access the platform, and the quantum key service module providing quantum key service to the quantum encryption agents.
Preferably, the quantum encryption agent comprises a detection module, a quantum random number module, an identity authentication module, a key agreement module, a network data processing module and a data encryption and decryption module; the quantum encryption agent completes identity authentication on the quantum key cloud platform and requests quantum key service, completes identity authentication with and negotiates a quantum session key with the opposite quantum encryption agent, and processes network data to complete its encryption and decryption.
Compared with the prior art, the invention has the following beneficial effects:
1. the quantum information of the quantum encryption agent terminal and the quantum encryption agent gateway, the quantum session key and the check quantum key are managed centrally by the quantum key cloud platform, which solves the key distribution problem of symmetric key systems in the prior art;
2. encrypted communication of network data between quantum encryption agents is realized without changing the network architecture between the original service terminal and service server;
3. the quantum encryption agent and the opposite-end quantum encryption agent can encrypt network data in a mode whose ciphertext is the same length as the plaintext, so effective bandwidth utilization is fully preserved;
4. the quantum encryption agent can update its device quantum information through the quantum key cloud platform, so that the identity quantum key can be used on a one-credential-one-key basis and the quantum key can be encrypted on a one-key-one-cipher basis, improving the security of centralized quantum key distribution;
5. identity authentication between quantum encryption agents is conveniently realized with the quantum identity key distributed by the quantum key cloud platform;
6. the quantum session key negotiated between quantum encryption agents can be updated as required, giving one-session-one-key ("one-time pad" in the description's terms) communication encryption and improving the security of encrypted communication.
Drawings
Fig. 1 is a structural diagram of a quantum key cloud platform-based link transparent encryption system of the present invention;
FIG. 2 is a diagram of a quantum key cloud platform composition structure according to the present invention;
FIG. 3 is a block diagram of the composition of the quantum encryption agent of the present invention;
FIG. 4 is a diagram of a quantum encrypted data message format of the present invention;
FIG. 5 is a format diagram of a quantum encrypted data message (ciphertext and plaintext are equal in length) according to the invention.
Detailed Description
The present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which embodiments of the invention are shown.
As shown in fig. 1, a quantum key cloud platform based link transparent encryption system mainly includes: quantum key cloud platform and quantum encryption agent. The service terminal and the quantum encryption agent are connected in series, and the service server and the quantum encryption agent are connected in series.
The quantum key cloud platform mainly performs centralized quantum key management and is responsible for providing identity authentication service and quantum key management service to the quantum encryption agents.
The quantum encryption agent mainly registers with the quantum key cloud platform, completes identity authentication and obtains quantum keys. Between themselves, quantum encryption agents complete identity authentication and session key negotiation and encrypt and decrypt network transmission data.
The quantum key cloud platform is characterized by consisting of a quantum random number module, a QKD networking module, a quantum key management module, a registration module, an identity authentication service module and a quantum key service module.
As shown in fig. 2, the quantum key cloud platform is responsible for generating quantum keys; the key management module manages the quantum keys, the identity authentication module authenticates the quantum encryption agents that access the platform, and the quantum key service module provides quantum key service to the quantum encryption agents.
The quantum encryption agent mainly comprises a detection module, a quantum random number module, an identity authentication module, a key agreement module, a network data processing module and a data encryption and decryption module.
As shown in fig. 3, the quantum encryption agent completes identity authentication to the quantum key cloud platform and requests quantum key service. And the quantum encryption agents finish identity authentication and negotiate a quantum session key, process network data and finish encryption and decryption of the network data.
The quantum key cloud platform manages quantum keys in a unified way, covering generation, storage, distribution and destruction, and provides quantum key service to the quantum encryption proxy terminal/gateway. Each managed quantum key K has two components, a key identifier KID and a key value KV: K = (KID, KV).
The quantum encryption agent is registered in the quantum key cloud platform. And the quantum key cloud platform generates device quantum information related to the quantum encryption agent information and stores the device quantum information into the quantum encryption agent. The device quantum information mainly comprises DeviceName and a plurality of groups of quantum symmetric keys, and comprises an identity quantum key, a key encryption quantum key, a key updating quantum key and a verification quantum key.
When data communication is carried out between the service terminal and the service server, quantum encryption agent detection is carried out firstly according to encryption strategy requirements, quantum session key negotiation between the quantum encryption agent terminal and a quantum encryption agent gateway is carried out, and then the data are encrypted and decrypted by respectively utilizing quantum session keys negotiated by the quantum encryption agent terminal and the quantum encryption agent gateway, so that the encryption communication of network data is completed.
The invention discloses a transparent link encryption method based on a quantum key cloud platform, which comprises the following steps:
s1: the quantum encryption agent is registered on a quantum cryptography service platform, and the step of registering the quantum encryption agent on the quantum key cloud platform comprises the following steps:
s11: logging in the quantum key cloud platform management system for registration, inputting quantum encryption agent equipment information, generating quantum encryption agent information and a plurality of groups of quantum symmetric keys which are associated with the quantum encryption agent, and storing the quantum encryption agent information and the groups of quantum symmetric keys in the quantum key cloud platform;
s12: and simultaneously downloading the information of the quantum encryption agent and a plurality of groups of quantum symmetric keys, and storing the information and the groups of quantum symmetric keys into the quantum encryption agent.
S2: the quantum encryption agent device updates the quantum information,
the device quantum information of the quantum encryption agent can be updated off-line or on-line. The offline updating mainly comprises the step that the quantum encryption agent performs re-registration on the quantum key cloud platform, and the specific steps are similar to registration. The online updating method mainly comprises the following steps:
s21: the quantum encryption agent requests the quantum key cloud platform to update the device quantum information, and the request mainly comprises DeviceName.
S22: the quantum key cloud platform receives the request, searches corresponding key updating quantum keys and verification quantum keys through the DeviceName, generates new identity quantum keys, new key encryption quantum keys, new key updating quantum keys and new verification quantum keys of the equipment, encrypts the new multiple groups of quantum keys by using the key updating quantum keys to generate key ciphertext data, generates key verification data for the DeviceName and the key ciphertext data by using the verification quantum keys, and sends the key ciphertext data and the key verification data to the quantum encryption agent.
S23, the quantum encryption agent receives response data of the quantum key cloud platform to obtain key ciphertext data and key check data, the check quantum key is used for checking the key check data, the key updating quantum key is used for decrypting the key ciphertext data to obtain a new identity quantum key, a new key encryption quantum key, a new key updating quantum key and a new check quantum key, if the check is passed, the update is successful, otherwise, the update is failed. And if the updating is successful, the quantum encryption proxy terminal and the quantum encryption proxy gateway send an updating confirmation message to the quantum key cloud platform.
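S21 to S23 above, and S61 to S63 in the claims, are the same wrap-and-check exchange with different wrapping keys: the platform looks up the agent's keys by DeviceName, encrypts the new key set (or the requested key value) under the key-update key (or the key-encryption key), and attaches check data computed with the check key over the DeviceName and the ciphertext; the agent verifies the check data first and decrypts only if it passes. The patent names no symmetric algorithm, so the Go example below (added here, not the patent's or the assignee's code) assumes AES-256-CTR with a random IV for the key ciphertext, HMAC-SHA256 for the check data, a fixed four-key layout for the S22 payload, and crypto/rand in place of the quantum random number and QKD modules. DeviceKeys, Wrap, Unwrap, UpdateResponse and ApplyUpdate are names chosen for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

const keyLen = 32 // AES-256 / HMAC-SHA256 (assumed: the patent names no symmetric algorithm)

// DeviceKeys is one agent's "device quantum information" (S1/S2) minus its DeviceName.
type DeviceKeys struct {
	Identity  []byte // identity quantum key: agent-to-agent authentication (S4)
	KeyEnc    []byte // key-encryption quantum key: wraps keys fetched in S6
	KeyUpdate []byte // key-update quantum key: wraps the new key set in S2
	Check     []byte // check quantum key: HMAC over DeviceName || key ciphertext
}

// randomKey stands in for the platform's quantum random number / QKD modules.
func randomKey() []byte {
	k := make([]byte, keyLen)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// NewDeviceKeys is the key set generated at S1 registration.
func NewDeviceKeys() DeviceKeys {
	return DeviceKeys{randomKey(), randomKey(), randomKey(), randomKey()}
}

// checkData is the key check data: HMAC-SHA256 over DeviceName || key ciphertext,
// so a response cannot be altered or redirected to another agent unnoticed.
func checkData(checkKey []byte, deviceName string, ct []byte) []byte {
	m := hmac.New(sha256.New, checkKey)
	m.Write([]byte(deviceName))
	m.Write(ct)
	return m.Sum(nil)
}

// Wrap is the platform side of S22/S62: key ciphertext = random IV || AES-CTR(payload).
func Wrap(wrapKey, checkKey []byte, deviceName string, payload []byte) (ct, tag []byte, err error) {
	block, err := aes.NewCipher(wrapKey)
	if err != nil {
		return nil, nil, err
	}
	ct = make([]byte, aes.BlockSize+len(payload))
	if _, err = rand.Read(ct[:aes.BlockSize]); err != nil {
		return nil, nil, err
	}
	cipher.NewCTR(block, ct[:aes.BlockSize]).XORKeyStream(ct[aes.BlockSize:], payload)
	return ct, checkData(checkKey, deviceName, ct), nil
}

// Unwrap is the agent side of S23/S63: verify the check data in constant time
// first and decrypt only if it passes; any failure fails the update or fetch.
func Unwrap(wrapKey, checkKey []byte, deviceName string, ct, tag []byte) ([]byte, error) {
	if len(ct) < aes.BlockSize || !hmac.Equal(checkData(checkKey, deviceName, ct), tag) {
		return nil, errors.New("key check data verification failed")
	}
	block, err := aes.NewCipher(wrapKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCTR(block, ct[:aes.BlockSize]).XORKeyStream(pt, ct[aes.BlockSize:])
	return pt, nil
}

// UpdateResponse is S22 on the platform: cur is the key set found by DeviceName;
// a fresh set nk is wrapped under cur.KeyUpdate and checked under cur.Check. The
// platform should keep cur live until the S23 confirmation arrives, or the two sides desync.
func UpdateResponse(cur DeviceKeys, deviceName string) (nk DeviceKeys, ct, tag []byte, err error) {
	nk = NewDeviceKeys()
	payload := append(append(append(append([]byte{}, nk.Identity...), nk.KeyEnc...), nk.KeyUpdate...), nk.Check...)
	ct, tag, err = Wrap(cur.KeyUpdate, cur.Check, deviceName, payload)
	return nk, ct, tag, err
}

// ApplyUpdate is S23 on the agent: check, decrypt, then install the four new keys.
func ApplyUpdate(keys *DeviceKeys, deviceName string, ct, tag []byte) error {
	pt, err := Unwrap(keys.KeyUpdate, keys.Check, deviceName, ct, tag)
	if err != nil {
		return err
	}
	if len(pt) != 4*keyLen {
		return errors.New("unexpected key set length")
	}
	*keys = DeviceKeys{pt[:keyLen], pt[keyLen : 2*keyLen], pt[2*keyLen : 3*keyLen], pt[3*keyLen:]}
	return nil
}
```

For S62/S63 the same Wrap and Unwrap are called with KeyEnc in place of KeyUpdate, after the platform has confirmed that the DeviceName is registered and has looked up or generated the KID's key value. Including the DeviceName in the check data means a response captured for one agent fails the check at every other agent, and the constant-time compare plus check-before-decrypt order keeps the wrapping key from ever being exercised on attacker-chosen ciphertext.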
S3: the detection between the quantum encryption agents is carried out,
when data communication is carried out between the service terminal and the service server, detection between quantum encryption agents needs to be completed before network data are encrypted, and whether the opposite side quantum encryption agents exist is judged. And if so, performing key negotiation for network data encryption. The detection process between the quantum encryption agents mainly comprises the following steps:
s31: when the service terminal sends data to the service server, the quantum encryption agent terminal intercepts a data packet and judges whether a negotiated quantum session key exists or not, and the negotiated quantum session key is directly used for encrypting the data if the negotiated quantum session key exists. Otherwise, carrying out quantum session key negotiation.
S32: the quantum encryption agent detects whether the opposite end has the quantum encryption agent, and sends a detection initial message containing the DeviceName information of the quantum encryption agent.
S33: the opposite side quantum encryption agent receives the detection packet, responds to the detection initial message and contains DeviceName information of the own quantum encryption agent.
S34: The quantum encryption agent requests a quantum key from the quantum key cloud platform; the request contains the DeviceName of this quantum encryption agent, the DeviceName of the opposite-end quantum encryption agent and the quantum key KID information. The quantum key cloud platform replies with a quantum key response message containing the quantum identity key (K1), the quantum session key (KV2) and the check quantum key (K3), encrypted with the key encryption quantum key.
S35: The quantum encryption agent sends a detection handshake message to the opposite-end quantum encryption agent containing the KID1, KID2 and KID3 information.
S36: The opposite-side quantum encryption agent receives the message and requests the quantum keys KID1, KID2 and KID3 from the quantum key cloud platform. The quantum key cloud platform replies with a quantum key response message containing the quantum identity key (K1), the quantum session key (KV2) and the check quantum key (K3), encrypted with the key encryption quantum key. The opposite-side quantum encryption agent then sends a detection handshake response message containing the KID1, KID2 and KID3 information.
S37: The quantum encryption agent receives the message and sends a detection handshake confirmation message to the opposite-end quantum encryption agent.
S4: identity authentication and quantum session key agreement between quantum encryption agents
When the service terminal and the service server side carry out data communication, quantum session keys need to be negotiated firstly for data encryption. The quantum session key agreement mainly comprises the steps of completing identity bidirectional authentication between quantum encryption agents, and then negotiating a final quantum session key based on the quantum session key distributed by SM2 key agreement and a quantum key cloud platform, and the method mainly comprises the following steps:
s41: and the quantum identity key K1 is utilized between the quantum encryption agents to complete bidirectional identity authentication through three times of transmission.
S411: the start side quantum encryption agent sends Ra, KID1 and a Text field Text1 through a quantum random number Ra generated by the quantum random number module.
S412: and the opposite side quantum encryption agent calculates the Tokenba through the quantum random number Rb generated by the quantum random number module and sends the Tokenba to the opposite side quantum encryption agent. Wherein, token = FUN (K1, R, text), FUN represents an encryption/decryption operation based on a symmetric key or a cryptographic check function, K1 is an identity quantum key, R = Ra | | Rb, text is a Text field.
S413: and the start side quantum encryption agent checks whether the Tokenba is correct, calculates the Tokenab if the Tokenba is correct, and sends the KID1 and the Tokenab to the opposite side quantum encryption agent.
S414: and checking the Tokenab by the opposite-side quantum encryption agent, and if the Tokenab is correct, completing the bidirectional identity authentication.
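The three-pass exchange of S411 to S414, as an added example that is not part of the patent. It instantiates FUN(K1, R, Text) with HMAC-SHA256 as the keyed check function, forms R = Ra || Rb, and puts the sender's name into the Text field so that TokenAB and TokenBA differ and a returned token cannot be replayed as the reply. The opposite side returns Rb together with TokenBA, since the start side needs both halves of R to verify it. `secrets.token_bytes` stands in for the quantum random number module; the agent names, KID1 and K1 are constructed test values.

```python
"""Three-pass mutual authentication between two quantum encryption agents (S411-S414).

Added example, not the patent's own code. Token = FUN(K1, R, Text) is instantiated
with HMAC-SHA256, R = Ra || Rb, and the Text field carries the sender's name.
secrets.token_bytes stands in for the quantum random number module.
"""
import hashlib
import hmac
import secrets


def fun(k1: bytes, r: bytes, text: bytes) -> bytes:
    """FUN(K1, R, Text): keyed check function over R || Text (assumption: HMAC-SHA256)."""
    return hmac.new(k1, r + text, hashlib.sha256).digest()


class Agent:
    """A quantum encryption agent holding identity quantum key K1 under key id KID1."""

    def __init__(self, name: str, kid1: bytes, k1: bytes):
        self.name, self.kid1, self.k1 = name, kid1, k1
        self.ra = self.rb = None

    def s411_start(self, text1: bytes = b"Text1") -> dict:
        """S411: start side draws Ra and sends Ra, KID1 and Text1."""
        self.ra = secrets.token_bytes(16)
        return {"Ra": self.ra, "KID1": self.kid1, "Text1": text1}

    def s412_respond(self, msg: dict) -> dict:
        """S412: opposite side draws Rb, computes TokenBA over R = Ra || Rb and replies."""
        if msg["KID1"] != self.kid1:
            raise ValueError("KID1 does not name a key this agent holds")
        self.ra, self.rb = msg["Ra"], secrets.token_bytes(16)
        text2 = self.name.encode() + b"|Text2"        # Text binds the responder's identity
        token_ba = fun(self.k1, self.ra + self.rb, text2)
        return {"Rb": self.rb, "TokenBA": token_ba, "Text2": text2}

    def s413_check_and_reply(self, msg: dict, peer: str) -> dict:
        """S413: start side verifies TokenBA, then computes and sends TokenAB.

        The expected Text is rebuilt from the peer's DeviceName learned during
        detection (S32/S33) rather than trusted from the message itself.
        """
        self.rb = msg["Rb"]
        expected = fun(self.k1, self.ra + self.rb, peer.encode() + b"|Text2")
        if not hmac.compare_digest(expected, msg["TokenBA"]):
            raise ValueError("TokenBA incorrect: opposite side not authenticated")
        text3 = self.name.encode() + b"|Text3"
        token_ab = fun(self.k1, self.ra + self.rb, text3)
        return {"KID1": self.kid1, "TokenAB": token_ab, "Text3": text3}

    def s414_check(self, msg: dict, peer: str) -> bool:
        """S414: opposite side verifies TokenAB; True completes mutual authentication."""
        expected = fun(self.k1, self.ra + self.rb, peer.encode() + b"|Text3")
        return hmac.compare_digest(expected, msg["TokenAB"])


def mutual_authentication(start: Agent, opposite: Agent) -> tuple:
    """Run S411-S414; returns (start_accepted_opposite, opposite_accepted_start)."""
    m1 = start.s411_start()
    try:
        m2 = opposite.s412_respond(m1)
        m3 = start.s413_check_and_reply(m2, opposite.name)
    except ValueError:
        return (False, False)            # abort before TokenAB is ever sent
    return (True, opposite.s414_check(m3, start.name))


if __name__ == "__main__":
    k1 = secrets.token_bytes(32)         # constructed shared identity quantum key
    terminal = Agent("QEA-terminal", b"KID1", k1)
    gateway = Agent("QEA-gateway", b"KID1", k1)
    print(mutual_authentication(terminal, gateway))
```

Because each token covers both nonces and the sender's own name, a token captured in one direction verifies in neither the other direction nor a later run, which is the property the three passes are meant to give.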
S42: and negotiating a final quantum session key based on the SM2 key negotiation and the quantum session key distributed by the quantum key cloud platform.
S421: the quantum encryption agent at the starting side initializes SM2 key negotiation parameters through a quantum random number rA generated by a quantum random number module, calculates RA = [ rA ] G = (x 1, y 1), calculates a hash value ZA of a discernible mark, partial elliptic curve system parameters and a user A public key of a user A, and sends public keys PA and ZA of KID2, KID3, RA and A to the quantum encryption agent at the opposite side.
S422: the opposite side quantum encryption agent initializes SM2 key negotiation parameters through a quantum random number rB generated by a quantum random number module, calculates RB = [ rB ] G = (x 2, y 2), and calculates ZB which is a hash of a discernible identification of the user B, partial elliptic curve system parameters and a public key of the user B. And checking whether the parameters are consistent through ZA, if so, calculating a shared key KB according to an SM2 key negotiation protocol, and calculating a hash value SB of the RA and RB combined parameters. And the opposite-end side quantum encryption agent sends the public keys of KID2, KID3, RB and B, ZB and SB to the start-end quantum encryption agent.
S423: the quantum encryption agent at the starting end receives data, checks whether the parameters are consistent through ZB, calculates a hash value SA of the combined parameters of RA and RB if the parameters are consistent, compares SA with SB if the parameters are consistent, calculates a shared key KA if the parameters are consistent, calculates a final quantum session key K = KV2 or KA, checks a quantum key K3, and sends KID2, KID3 and SA to the quantum encryption agent at the opposite end.
S424: and the opposite-end side quantum encryption agent receives the data, locally verifies whether the SA and the SB are consistent or not, and if so, calculates a final quantum session key K = KV2 and changes to KB, and checks the quantum key K3. Where SM2 negotiates a shared key KA = KB.
The quantum session key update between the quantum encryption agents is the same as the quantum session key negotiation step between the quantum encryption agents.
S5: quantum encryption agent to quantum key cloud platform identity authentication,
when the quantum encryption agent finishes identity authentication to a quantum key cloud platform, a bidirectional authentication mode based on a quantum symmetric key is adopted, and the method mainly comprises the following steps:
s51: the quantum encryption agent serves as a Client, sends Client-first-message to a server, and sends KID containing locally generated quantum random number Client-nonce, deviceName and identity quantum key to the quantum key cloud platform.
S52: the quantum key cloud platform serves as a Server, receives the DeviceName, the KID and the Client-nonce, searches the Salt and the Iteration-count corresponding to the DeviceName, simultaneously generates a quantum random number Server-nonce, and sends the Server-first-message to the quantum encryption proxy terminal or the quantum encryption proxy gateway together with the Salt and the Iteration-count.
S53: the quantum encryption proxy terminal or the quantum encryption proxy gateway receives the Server-nonce, the salt and the iteration-count, and calculates a client identity Proof [ c ] = Key [ c ] ≦ HC (H (Key [ c ], auth)). Where KV is the identity quantum key, auth = client-first-message + server-first-message. Key [ c ] = DK (KV, salt, iteration-count). HC () represents an abstract function whose output result is related to the input function, wherein an implementation may be an algorithm related to cryptography. H () denotes a hash function, and DK () denotes a key derivation function. And the quantum encryption proxy terminal or the quantum encryption proxy gateway sends an identity Proof of [ c ] to the quantum key cloud platform.
S54: after receiving the message, the quantum Key cloud platform searches H (Key) stored by a corresponding server according to DeviceName, calculates Key [ d ] = Proof [ c ]. The HC (H (Key, auth) by combining client-first-message and server-first-message, compares whether H (Key [ d ]) is consistent with H (Key), if the authentication is passed, proof [ d ] = HC (H (Key [ d ], auth) is calculated, and the server identity Proof [ d ] is sent to the quantum encryption proxy terminal or the quantum encryption proxy gateway.
S55: the quantum encryption proxy terminal or the quantum encryption proxy gateway receives Proof [ d ], calculates Proof [ e ] = HC (H (Key [ c ], auth), compares the values of Proof [ d ] and Proof [ e ], and if the values are consistent, the authentication is passed to the server, otherwise, the authentication is not passed.
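The S51 to S55 exchange run end to end, as an added example that is not the patent's code. The abstract functions are instantiated as assumptions: H = SHA-256, HC = HMAC-SHA256 keyed with its first argument, DK = PBKDF2-HMAC-SHA256; `encode()` is a constructed canonical serialisation so that both sides build the same `auth` string; the DeviceName, KID, KV and nonces are constructed values. The platform stores only H(Key), never KV, as S54 states.

```python
"""Symmetric-key mutual authentication of a quantum encryption agent (client) to the
quantum key cloud platform (server), steps S51-S55. Added example, not the patent's code.
Assumptions: H = SHA-256, HC = HMAC-SHA256, DK = PBKDF2-HMAC-SHA256, encode() is a
constructed message serialisation.
"""
import hashlib
import hmac
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def HC(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def DK(kv: bytes, salt: bytes, iteration_count: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", kv, salt, iteration_count, dklen=32)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encode(msg: dict) -> bytes:
    """Canonical byte form of a message so both sides derive the same auth string."""
    return b"|".join(k.encode() + b"=" + (v.hex() if isinstance(v, bytes) else str(v)).encode()
                     for k, v in sorted(msg.items()))


class CloudPlatform:
    """Quantum key cloud platform: per DeviceName it keeps KID, salt, iteration-count and H(Key)."""

    def __init__(self):
        self.devices = {}

    def register(self, device_name: str, kid: bytes, kv: bytes, iteration_count: int = 4096):
        salt = secrets.token_bytes(16)
        self.devices[device_name] = (kid, salt, iteration_count, H(DK(kv, salt, iteration_count)))

    def server_first(self, client_first: dict) -> dict:
        """S52: look up salt and iteration-count for the DeviceName, add a server-nonce."""
        kid, salt, it, _ = self.devices[client_first["DeviceName"]]
        if kid != client_first["KID"]:
            raise ValueError("KID does not match the registered identity quantum key")
        msg = {"Server-nonce": secrets.token_bytes(16), "Salt": salt, "Iteration-count": it}
        self.auth = encode(client_first) + encode(msg)   # auth = client-first + server-first
        self.device = client_first["DeviceName"]
        return msg

    def verify_client(self, proof_c: bytes):
        """S54: Key[d] = Proof[c] XOR HC(H(Key), auth); accept iff H(Key[d]) == H(Key).
        Returns Proof[d] on success, None on failure."""
        stored = self.devices[self.device][3]
        key_d = xor(proof_c, HC(stored, self.auth))
        if not hmac.compare_digest(H(key_d), stored):
            return None
        return HC(H(key_d), self.auth)


class Agent:
    """Quantum encryption agent holding identity quantum key KV under key id KID."""

    def __init__(self, device_name: str, kid: bytes, kv: bytes):
        self.device_name, self.kid, self.kv = device_name, kid, kv

    def client_first(self) -> dict:
        """S51: client-nonce, DeviceName and the KID of the identity quantum key."""
        self.first = {"Client-nonce": secrets.token_bytes(16),
                      "DeviceName": self.device_name, "KID": self.kid}
        return self.first

    def client_proof(self, server_first: dict) -> bytes:
        """S53: Key[c] = DK(KV, salt, iteration-count); Proof[c] = Key[c] XOR HC(H(Key[c]), auth)."""
        self.key_c = DK(self.kv, server_first["Salt"], server_first["Iteration-count"])
        self.auth = encode(self.first) + encode(server_first)
        return xor(self.key_c, HC(H(self.key_c), self.auth))

    def verify_server(self, proof_d) -> bool:
        """S55: Proof[e] = HC(H(Key[c]), auth) must equal the received Proof[d]."""
        return proof_d is not None and hmac.compare_digest(proof_d, HC(H(self.key_c), self.auth))


def authenticate(agent: Agent, platform: CloudPlatform) -> tuple:
    """Run S51-S55; returns (platform_accepted_agent, agent_accepted_platform)."""
    try:
        server_first = platform.server_first(agent.client_first())
    except (KeyError, ValueError):
        return (False, False)
    proof_d = platform.verify_client(agent.client_proof(server_first))
    return (proof_d is not None, agent.verify_server(proof_d))
```

One property to check before relying on the scheme as written: Proof[d] is the same value HC(H(Key[c]), auth) that masks Key[c] inside Proof[c], so the two proofs together determine Key[c], and Key[c] is all that S53 needs to produce a client proof. SCRAM (RFC 5802), which this exchange otherwise mirrors, derives the server signature from a separate ServerKey for exactly this reason; a deployment should do the same or run the exchange only inside an already encrypted channel.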
S6: quantum encryption agent vector quantum key obtaining cloud platform
The quantum encryption agent acquires the quantum key from the quantum key cloud platform after completing the identity authentication, and the method mainly comprises the following steps:
s61: the quantum encryption agent requests the quantum key cloud platform to acquire the quantum key, and the request mainly comprises own DeviceName, the DeviceName (optional) of the opposite-end quantum encryption agent, and KID1, KID2 and KID3. Wherein the initiator quantum cryptographic agent initiates the request to include the DeviceName of the peer quantum cryptographic agent. The opposite side quantum cryptographic agent initiating request needs to include its DeviceName and KID1, KID2, KID3.
S62: the quantum key cloud platform receives the request, judges whether the quantum encryption agent has the authority to acquire the quantum key according to the DeviceName of the quantum encryption agent, searches whether the corresponding KID key exists if the quantum encryption agent has the authority, and generates the quantum identity key of the agent through the quantum random number generator or the QKD if the quantum identity key does not exist
Figure 958163DEST_PATH_IMAGE002
Quantum session key
Figure 223928DEST_PATH_IMAGE003
And verifying the quantum key
Figure 721905DEST_PATH_IMAGE004
Searching corresponding key encryption quantum key and check quantum key through DeviceName, encrypting the multiple groups of quantum keys by using the key encryption quantum key to generate key ciphertext data, generating key check data by using the check quantum key to the DeviceName and the key ciphertext data, and sending the key ciphertext data and the key check data to the quantum encryption agent.
S63, the quantum encryption agent receives response data of the quantum key cloud platform to obtain key ciphertext data and key check data, the check quantum key is used for checking the key check data, the key encryption quantum key is used for decrypting the key ciphertext data to obtain the quantum identity key
Figure 431235DEST_PATH_IMAGE002
Quantum session key
Figure 381874DEST_PATH_IMAGE003
And checking quantum key
Figure 451330DEST_PATH_IMAGE004
If the verification is passed, the acquisition is successful, otherwise, the acquisition is failed. And if the acquisition is successful, the quantum encryption agent sends an acquisition confirmation message to the quantum key cloud platform.
S7: The quantum encryption agent encrypts and decrypts the transmitted data with the negotiated quantum session key
When the service terminal sends data to the service server, the quantum encryption agent intercepts the data packet. Each quantum encryption agent first completes identity authentication to the quantum key cloud platform and obtains quantum keys, then uses those keys to complete identity authentication and final quantum session key negotiation with the other quantum encryption agent, and finally encrypts and decrypts the data with the quantum session key. This mainly comprises the following steps:
S71: When the service terminal sends data to the service server, the quantum encryption agent intercepts the data packet and detects the quantum encryption agent at the opposite end.
S72: The quantum encryption agents use the quantum identity key K1 to complete bidirectional identity authentication in three passes.
S73: The quantum encryption agents negotiate the final quantum session key and the check quantum key from the SM2 key agreement and the quantum session key distributed by the quantum key cloud platform.
S74: The data packet is encrypted with the final quantum session key negotiated between the quantum encryption agents to form an encrypted data packet;
S75: The opposite-side quantum encryption agent intercepts the encrypted data packet, decrypts it and sends the decrypted data to the service server;
S76: The service server returns response data to the service terminal; the quantum encryption agent intercepts the response data packet and encrypts it with the quantum session key negotiated between the quantum encryption agents to form an encrypted data packet;
S77: The opposite-side quantum encryption agent intercepts the encrypted data packet, decrypts it and sends the decrypted data to the service terminal.
S8: The quantum encryption agent encrypts and decrypts the transmitted data with the quantum session key to form encrypted data packets
When the service terminal sends data to the service server, the quantum encryption agent intercepts the data packet and encrypts it with the quantum session key to form an encrypted data packet, mainly comprising the following steps:
S81: When the service terminal sends data to the service server, the quantum encryption agent terminal intercepts the data packet and, as shown in fig. 4, splits it into IP header data, protocol header data and payload data, where the protocol header data and the payload data are taken as the data to be encrypted. The data to be encrypted are encrypted into ciphertext data with the quantum session key, and quantum check data are computed over the quantum encryption header and the ciphertext data with the check quantum key. The IP header, quantum encryption header, quantum encrypted ciphertext and quantum check data are encapsulated into an encrypted data packet, which is sent to the opposite-side quantum encryption agent.
S82: The opposite-side quantum encryption agent intercepts the encrypted data packet and splits it into the IP header, the quantum encryption header, the data to be quantum-decrypted and the data to be quantum-verified. It verifies the data to be quantum-verified with the check quantum key, decrypts the data to be quantum-decrypted with the quantum session key, and encapsulates the IP header, protocol header and original data into a data packet that is sent to the service server.
When the service server sends data to the service terminal, the quantum encryption agent intercepts the data packet and encrypts it with the quantum session key negotiated between the quantum encryption agents to form an encrypted data packet, mainly comprising the following steps:
S83: When the service server sends data to the service terminal, the quantum encryption agent intercepts the data packet and, as shown in fig. 4, splits it into IP header data, protocol header data and payload data, where the protocol header data and the payload data are taken as the data to be encrypted. The data to be encrypted are encrypted into ciphertext data with the quantum session key, and quantum check data are computed over the quantum encryption header and the ciphertext data with the check quantum key. The IP header, quantum encryption header, quantum encrypted ciphertext and quantum check data are encapsulated into an encrypted data packet, which is sent to the opposite-side quantum encryption agent.
S84: The opposite-side quantum encryption agent intercepts the encrypted data packet and splits it into the IP header, the quantum encryption header, the data to be quantum-decrypted and the data to be quantum-verified. It verifies the data to be quantum-verified with the check quantum key, decrypts the data to be quantum-decrypted with the quantum session key, and encapsulates the IP header, protocol header and original data into a data packet that is sent to the service terminal.
Preferably, when the encrypted communication system has strict bandwidth requirements, the data can be encrypted in an equal-length mode, ensuring that link transparent encryption does not affect bandwidth utilisation. As shown in fig. 5, the data packet is split into IP header data, protocol header data and payload data; the protocol header data and payload data are taken as the data to be encrypted and are encrypted into ciphertext data with the quantum session key such that the ciphertext data and the data to be encrypted have equal length (for example, by encrypting in SM4_CTR mode), and the quantum encrypted ciphertext is encapsulated into an encrypted data packet after the IP header.
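The S81/S82 packet format and the equal-length mode of fig. 5 applied to one IP packet, as an added example that is not the patent's code. Assumptions: an HMAC-SHA256 counter-mode keystream stands in for SM4_CTR (SM4 is not in the Python standard library); the quantum encryption header is laid out as KID2 followed by an 8-byte nonce; the check data is a 16-byte truncated HMAC-SHA256 under the check quantum key K3; in equal-length mode, where nothing extra can be carried, the nonce is taken from the IP identification and address fields. The sample IPv4/UDP packet, keys and KID are constructed. The example also rewrites the IP total length and header checksum whenever the payload length changes, which the description leaves implicit.

```python
"""Link-transparent encryption of one IP packet (S81/S82) and the equal-length mode of fig. 5.
Added example, not the patent's code. The HMAC-SHA256 counter keystream stands in for SM4_CTR;
the quantum encryption header layout (KID2 || 8-byte nonce) and 16-byte check data are assumptions.
"""
import hashlib
import hmac
import os
import struct

CHECK_LEN = 16   # bytes of quantum check data appended in the standard mode


def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream HMAC-SHA256(key, nonce || counter); stand-in for SM4_CTR."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ip_checksum(header: bytes) -> int:
    """RFC 791 header checksum; returns 0 for a header whose checksum field is already valid."""
    total = sum(struct.unpack(">%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def fix_ip_header(ip_header: bytes, total_length: int) -> bytes:
    """Rewrite total length and recompute the checksum after the payload length changed."""
    hdr = bytearray(ip_header)
    struct.pack_into(">H", hdr, 2, total_length)
    struct.pack_into(">H", hdr, 10, 0)
    struct.pack_into(">H", hdr, 10, ip_checksum(bytes(hdr)))
    return bytes(hdr)


def split_packet(packet: bytes) -> tuple:
    """IP header and the rest (protocol header + payload = data to be encrypted)."""
    ihl = (packet[0] & 0x0F) * 4
    return packet[:ihl], packet[ihl:]


def encapsulate(packet: bytes, k_session: bytes, k_check: bytes, kid2: bytes,
                equal_length: bool = False) -> bytes:
    ip_header, to_encrypt = split_packet(packet)
    if equal_length:                                      # fig. 5: IP header | ciphertext only
        nonce = ip_header[4:6] + ip_header[12:20]         # IP id + src + dst (assumption)
        return ip_header + xor(to_encrypt, ctr_keystream(k_session, nonce, len(to_encrypt)))
    q_header = kid2 + os.urandom(8)                       # quantum encryption header
    ciphertext = xor(to_encrypt, ctr_keystream(k_session, q_header[len(kid2):], len(to_encrypt)))
    check = hmac.new(k_check, q_header + ciphertext, hashlib.sha256).digest()[:CHECK_LEN]
    body = q_header + ciphertext + check
    return fix_ip_header(ip_header, len(ip_header) + len(body)) + body


def decapsulate(enc_packet: bytes, k_session: bytes, k_check: bytes, kid2: bytes,
                equal_length: bool = False) -> bytes:
    ip_header, body = split_packet(enc_packet)
    if equal_length:
        nonce = ip_header[4:6] + ip_header[12:20]
        return ip_header + xor(body, ctr_keystream(k_session, nonce, len(body)))
    hdr_len = len(kid2) + 8
    q_header, ciphertext, check = body[:hdr_len], body[hdr_len:-CHECK_LEN], body[-CHECK_LEN:]
    if q_header[:len(kid2)] != kid2:
        raise ValueError("quantum encryption header names an unknown session key")
    expected = hmac.new(k_check, q_header + ciphertext, hashlib.sha256).digest()[:CHECK_LEN]
    if not hmac.compare_digest(expected, check):          # verify before decrypting (S82)
        raise ValueError("check data mismatch: packet dropped")
    plaintext = xor(ciphertext, ctr_keystream(k_session, q_header[len(kid2):], len(ciphertext)))
    return fix_ip_header(ip_header, len(ip_header) + len(plaintext)) + plaintext


def sample_packet(payload: bytes) -> bytes:
    """Constructed IPv4/UDP packet from 10.0.0.2:40000 to 10.0.0.9:53."""
    udp = struct.pack(">HHHH", 40000, 53, 8 + len(payload), 0) + payload
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 0, 0x1234, 0, 64, 17, 0,
                      bytes([10, 0, 0, 2]), bytes([10, 0, 0, 9]))
    return fix_ip_header(hdr, 20 + len(udp)) + udp


if __name__ == "__main__":
    ks, kc, kid2 = os.urandom(32), os.urandom(32), b"KID2"
    pkt = sample_packet(b"query")
    enc = encapsulate(pkt, ks, kc, kid2)
    print(len(pkt), len(enc), decapsulate(enc, ks, kc, kid2) == pkt)
```

The equal-length mode buys its zero overhead by dropping the check data and the per-packet nonce: a modified ciphertext decrypts to garbage without being detected, and the keystream is only as fresh as the IP identification field, which wraps after 65536 packets. Under a counter mode, reusing a (key, nonce) pair exposes the XOR of the two plaintexts, so the frequent quantum session key update of S42 is what keeps that mode safe.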
In one embodiment of the invention, the quantum encryption agent and the opposite-end quantum encryption agent may be in a many-to-one relationship.
In one embodiment of the invention, the quantum encryption agent and the opposite-end quantum encryption agent can also complete encrypted communication of network data between themselves.
In one embodiment of the invention, the quantum encryption agents are deployed in series on the link; the original network structure is not changed, no configuration is needed, and the quantum encryption agents at the opposite ends identify each other automatically, which is simple and efficient.
In one embodiment of the invention, the quantum encryption agent comprises a quantum random number module.
In one embodiment of the invention, the encryption and decryption between quantum encryption agents use a symmetric encryption mode resistant to quantum computing attacks, and a keyed message authentication code is used to verify the integrity of the key information and the ciphertext information.
In one embodiment of the invention, the device quantum information of the quantum encryption agent can be updated online by means of the key update quantum key.
In one embodiment of the invention, the identity authentication between the quantum encryption agent and the quantum key cloud platform can replace the identity quantum key each time an identity authentication is completed.
In one embodiment of the invention, the quantum session key with which the quantum encryption agent and the opposite-side quantum encryption agent encrypt and decrypt network data can be updated to achieve one-time-pad operation.
In one embodiment of the invention, the quantum encryption agent and the opposite-end quantum encryption agent encrypt network data in an encryption mode with equal ciphertext and plaintext lengths, so as to fully preserve the effective utilisation of bandwidth.
According to the above structure and method, the quantum information of the quantum encryption agent terminal and the quantum encryption agent gateway, the quantum session keys and the check quantum keys are managed centrally by the quantum key cloud platform, which solves the key distribution problem of symmetric key systems in the prior art. The invention realises encrypted communication of network data between quantum encryption agents without changing the network architecture between the original service terminal and service server. The quantum encryption agent and the opposite-end quantum encryption agent can encrypt network data in a mode with equal ciphertext and plaintext lengths, fully preserving the effective utilisation of bandwidth. The quantum encryption agent can update its device quantum information through the quantum key cloud platform, so that a fresh identity quantum key can be used for each authentication and a fresh key encryption quantum key for each key distribution, improving the security of centralised quantum key distribution. Using the quantum identity key distributed by the quantum key cloud platform, identity authentication between quantum encryption agents is conveniently realised. The quantum session key negotiated between quantum encryption agents can be updated as required, realising one-time-pad communication encryption and improving the security of the encrypted communication.

Claims (11)

1. A link transparent encryption method based on a quantum key cloud platform, characterised by comprising the following steps:
S1: the quantum encryption agent registers on the quantum cryptography service platform;
S2: the device quantum information of the quantum encryption agent is updated, wherein the device quantum information of the quantum encryption agent can be updated in an offline mode or an online mode;
S3: detection between quantum encryption agents, wherein when data communication is carried out between a service terminal and a service server, the detection between the quantum encryption agents is completed before network data are encrypted, it is judged whether an opposite-side quantum encryption agent exists, and if so, key negotiation for network data encryption is carried out;
S4: identity authentication and quantum session key agreement between quantum encryption agents, wherein when data communication is carried out between a service terminal and a service server, a quantum session key is first negotiated for data encryption, and the quantum session key agreement comprises the quantum encryption agents completing bidirectional identity authentication and then negotiating a final quantum session key based on SM2 key agreement and the quantum session key distributed by the quantum key cloud platform;
S5: the quantum encryption agent performs identity authentication to the quantum key cloud platform;
S6: the quantum encryption agent obtains a quantum key from the quantum key cloud platform;
S7: the quantum encryption agent uses the negotiated quantum session key to encrypt and decrypt the transmitted data;
S8: the quantum encryption agent encrypts and decrypts the transmitted data with the quantum session key to form an encrypted data packet.
2. The quantum key cloud platform-based link transparent encryption method according to claim 1, wherein step S1 specifically comprises:
S11: logging in to the quantum key cloud platform management system for registration, entering the quantum encryption agent device information, generating the quantum encryption agent information and multiple groups of quantum symmetric keys associated with the quantum encryption agent, and storing them in the quantum key cloud platform;
S12: at the same time, downloading the quantum encryption agent information and the multiple groups of quantum symmetric keys and storing them in the quantum encryption agent.
3. The quantum key cloud platform-based link transparent encryption method according to claim 1, wherein step S2 specifically comprises:
S21: the quantum encryption agent requests the quantum key cloud platform to update its device quantum information;
S22: the quantum key cloud platform receives the request, looks up the corresponding key update quantum key and check quantum key by DeviceName, generates a new identity quantum key, a new key encryption quantum key, a new key update quantum key and a new check quantum key for the device, encrypts the new groups of quantum keys with the key update quantum key to produce key ciphertext data, computes key check data over the DeviceName and the key ciphertext data with the check quantum key, and sends the key ciphertext data and the key check data to the quantum encryption agent;
S23: the quantum encryption agent receives the response data from the quantum key cloud platform, obtains the key ciphertext data and key check data, verifies the key check data with the check quantum key, and decrypts the key ciphertext data with the key update quantum key to obtain the new identity quantum key, new key encryption quantum key, new key update quantum key and new check quantum key; if the check passes, the update succeeds, otherwise the update fails; and if the update succeeds, the quantum encryption agent terminal and the quantum encryption agent gateway send an update confirmation message to the quantum key cloud platform.
4. The quantum key cloud platform-based link transparent encryption method according to claim 1, wherein step S3 specifically comprises:
S31: when the service terminal sends data to the service server, the quantum encryption agent terminal intercepts the data packet and judges whether a negotiated quantum session key exists; if so, the data are encrypted directly with the negotiated quantum session key,
otherwise quantum session key agreement is carried out;
S32: the quantum encryption agent detects whether a quantum encryption agent exists at the opposite end and sends a detection initial message;
S33: the opposite-side quantum encryption agent receives the detection packet and responds to the detection initial message;
S34: the quantum encryption agent requests a quantum key from the quantum key cloud platform, and the quantum key cloud platform responds to the quantum key request message with the quantum key encrypted under the key encryption quantum key;
S35: the quantum encryption agent sends a detection handshake message to the opposite-end quantum encryption agent;
S36: the opposite-side quantum encryption agent receives the message and requests the quantum key from the quantum key cloud platform, the quantum key cloud platform responds to the quantum key request message with the quantum key encrypted under the key encryption quantum key, and the opposite-side quantum encryption agent sends a detection handshake response message;
S37: the quantum encryption agent receives the message and sends a detection handshake confirmation message to the opposite-end quantum encryption agent.
5. The quantum key cloud platform-based link transparent encryption method according to claim 1, wherein step S4 specifically comprises:
S41: the quantum encryption agents use the quantum identity key to complete bidirectional identity authentication through multiple transmissions;
S42: a final quantum session key is negotiated based on the SM2 key agreement and the quantum session key distributed by the quantum key cloud platform.
6. The quantum key cloud platform-based link transparent encryption method according to claim 1, wherein in step S6 the quantum encryption agent obtains the quantum key from the quantum key cloud platform by the following specific process:
S61: the quantum encryption agent requests the quantum key cloud platform for a quantum key;
S62: the quantum key cloud platform receives the request, judges by the agent's DeviceName whether the quantum encryption agent is authorised to obtain quantum keys, and if it has the corresponding authority looks up whether the corresponding KID key exists; if it does not exist, the platform generates the agent's quantum identity key, quantum session key and check quantum key with a quantum random number generator or by QKD, looks up the corresponding key encryption quantum key and check quantum key by DeviceName, encrypts the groups of quantum keys with the key encryption quantum key to produce key ciphertext data, computes key check data over the DeviceName and the key ciphertext data with the check quantum key, and sends the key ciphertext data and the key check data to the quantum encryption agent;
S63: the quantum encryption agent receives the response data from the quantum key cloud platform, obtains the key ciphertext data and key check data, verifies the key check data with the check quantum key, and decrypts the key ciphertext data with the key encryption quantum key to obtain the quantum identity key, quantum session key and check quantum key; if the check passes, the acquisition succeeds, otherwise it fails; and if the acquisition succeeds, the quantum encryption agent sends an acquisition confirmation message to the quantum key cloud platform.
7. The quantum key cloud platform-based link transparent encryption method according to claim 1, wherein in step S7 the quantum encryption agent encrypts and decrypts the transmitted data with the negotiated quantum session key, and the specific steps include:
when a service terminal sends data to a service server, the quantum encryption agent intercepts the data packet; each quantum encryption agent completes identity authentication to the quantum key cloud platform and obtains a quantum key, the obtained quantum key is used to complete identity authentication and final quantum session key negotiation between the quantum encryption agents, and the quantum session key is used to encrypt and decrypt the data, comprising the following steps:
S71: when the service terminal sends data to the service server, the quantum encryption agent intercepts the data packet and detects the quantum encryption agent at the opposite end;
S72: the quantum encryption agents use the quantum identity key to complete bidirectional identity authentication through multiple transmissions;
S73: the quantum encryption agents negotiate a final quantum session key and a check quantum key from the SM2 key agreement and the quantum session key distributed by the quantum key cloud platform;
S74: the data packet is encrypted with the final quantum session key negotiated between the quantum encryption agents to form an encrypted data packet;
S75: the opposite-side quantum encryption agent intercepts the encrypted data packet, decrypts it and sends the decrypted data to the service server;
S76: the service server returns response data to the service terminal, the quantum encryption agent intercepts the response data packet and encrypts it with the quantum session key negotiated between the quantum encryption agents to form an encrypted data packet;
S77: the opposite-side quantum encryption agent intercepts the encrypted data packet, decrypts it and sends the decrypted data to the service terminal.
8. The quantum key cloud platform-based link transparent encryption method according to claim 1, wherein in step S8 the quantum encryption agent encrypts and decrypts the transmitted data with the quantum session key to form encrypted data packets, and the specific steps include:
S81: when the service terminal sends data to the service server, the quantum encryption agent terminal intercepts the data packet;
S82: the opposite-side quantum encryption agent intercepts the encrypted data packet and splits it into an IP header, a quantum encryption header, data to be quantum-decrypted and data to be quantum-verified;
S83: when the service server sends data to the service terminal, the quantum encryption agent intercepts the data packet;
S84: the opposite-side quantum encryption agent intercepts the encrypted data packet and splits it into an IP header, a quantum encryption header, data to be quantum-decrypted and data to be quantum-verified.
9. A link transparent encryption system based on a quantum key cloud platform, characterized by comprising the quantum key cloud platform and quantum encryption agents, wherein a service terminal is connected in series with a quantum encryption agent and a service server is connected in series with a quantum encryption agent;
the quantum key cloud platform performs centralized management of quantum keys and is responsible for providing identity authentication service and quantum key management service to the quantum encryption agents;
each quantum encryption agent registers with the quantum key cloud platform, completes identity authentication and obtains quantum keys; identity authentication and session key negotiation are completed between quantum encryption agents, and network transmission data are encrypted and decrypted.
10. The quantum key cloud platform-based link transparent encryption system of claim 9, wherein the quantum key cloud platform comprises a quantum random number module, a QKD networking module, a quantum key management module, a registration module, an identity authentication service module and a quantum key service module; the quantum key cloud platform is responsible for generating quantum keys, the quantum key management module for managing quantum keys, the identity authentication service module for authenticating the identity of quantum encryption agents on access, and the quantum key service module for providing quantum key services to the quantum encryption agents.
11. The quantum key cloud platform-based link transparent encryption system of claim 9, wherein the quantum encryption agent comprises a detection module, a quantum random number module, an identity authentication module, a key agreement module, a network data processing module and a data encryption and decryption module; the quantum encryption agent completes identity authentication to the quantum key cloud platform and requests quantum key service, completes identity authentication and negotiates a quantum session key with the peer quantum encryption agent, and processes network data to complete encryption and decryption of the network data.
CN202211106918.5A 2022-09-13 2022-09-13 Quantum key cloud platform-based link transparent encryption method and system Pending CN115459913A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211106918.5A CN115459913A (en) 2022-09-13 2022-09-13 Quantum key cloud platform-based link transparent encryption method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211106918.5A CN115459913A (en) 2022-09-13 2022-09-13 Quantum key cloud platform-based link transparent encryption method and system

Publications (1)

Publication Number Publication Date
CN115459913A true CN115459913A (en) 2022-12-09

Family

ID=84303129

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211106918.5A Pending CN115459913A (en) 2022-09-13 2022-09-13 Quantum key cloud platform-based link transparent encryption method and system

Country Status (1)

Country Link
CN (1) CN115459913A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117527208A (en) * 2023-10-27 2024-02-06 梵迩佳智能科技有限公司 Application method and device of low-voltage station quantum encryption communication technology
CN117527208B (en) * 2023-10-27 2024-05-14 梵迩佳智能科技有限公司 Application method and device of low-voltage station quantum encryption communication technology

Similar Documents

Publication Publication Date Title
US11575660B2 (en) End-to-end encryption for personal communication nodes
CN107612899B (en) OpenVPN secure communication method and communication system based on quantum key
CN108599925B (en) Improved AKA identity authentication system and method based on quantum communication network
US9008312B2 (en) System and method of creating and sending broadcast and multicast data
JP2020202594A (en) Computer implemented system and method for secure session establishment and encrypted exchange of data
JPH07107083A (en) Cipher communication system
CN111756529B (en) Quantum session key distribution method and system
CN112637136A (en) Encrypted communication method and system
CN113193957B (en) Quantum key service method and system separated from quantum network
KR20180130203A (en) APPARATUS FOR AUTHENTICATING IoT DEVICE AND METHOD FOR USING THE SAME
CN110999202A (en) Computer-implemented system and method for highly secure, high-speed encryption and transmission of data
CN115459912A (en) Communication encryption method and system based on quantum key centralized management
CN114221765A (en) Quantum key distribution method for fusion of QKD network and classical cryptographic algorithm
KR101704540B1 (en) A method of managing group keys for sharing data between multiple devices in M2M environment
Cho et al. Using QKD in MACsec for secure Ethernet networks
Lizardo et al. End-to-end secure group communication for the Internet of Things
CN115459913A (en) Quantum key cloud platform-based link transparent encryption method and system
Coruh et al. Hybrid secure authentication and key exchange scheme for M2M home networks
Büttner et al. Real-world evaluation of an anonymous authenticated key agreement protocol for vehicular ad-hoc networks
CN113193958A (en) High-safety high-efficiency quantum key service method and system
CN114928503B (en) Method for realizing secure channel and data transmission method
US20220345298A1 (en) Systems and methods for providing signatureless, confidential and authentication of data during handshake for classical and quantum computing environments
CN113364803B (en) Block chain-based security authentication method for power distribution Internet of things
KR101886367B1 (en) Generation of device individual session key in inter-object communication network and verification of encryption and decryption function between devices using it
CN212115338U (en) IPSEC cipher machine with quantum computation resistant function

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination